Sorry, this listing is no longer accepting applications. Don’t worry, we have more awesome opportunities and internships for you.

Security Architect - Threat Modeling (SVP)

Citi

Citi

Security Architect - Threat Modeling (SVP)

New York, NY
Full Time
Paid
  • Responsibilities

    OVERVIEW

    Citi's technology team is growing at lightning speed, and we're looking for talented technologists to help build the future of global banking. Our teams are creating innovations used across the globe - we're changing the way people bank and how the world does business. Citi's technology team supports business operations in 100+ countries, across multiple lines of business spanning both Institutional and retail businesses. The group works to optimize the IT environment by standardizing production platforms, reducing complexity, and introducing innovative solutions that provide new business capabilities, reduce total cost of ownership, and create a competitive advantage for Citi. Join an environment with a laser focus on growth and progress, and take your career to the next level through the power of Citi's unmatched globality and vast expertise.

    SUCCESS PROFILE

    As the world's most global bank, Citi gives you the tools to be a trailblazer. We're not just building technology, we're building the future of banking. With thousands of employees located around the globe, we are an international team encompassing a broad range of teams, roles, and cultures, and we invite you to come and join us!

    • Creative
    • Analytical
    • Collaborative
    • Productive
    • Adaptable
    • Relationship Expertise

    RESPONSIBILITIES

    Cloud Application Security Architect will be part of CITI's Chief Information Security Organization (CISO). This role is an individual contributor who will be responsible for Security Architecture and Threat modeling, which includes governance, public cloud services, technical evaluation, and security reviews for Citi's Public Cloud Providers. This position requires close collaboration and partnership with Engineering, Information Security, Program Management, and Development organizations. The candidate will perform technical architecture review to determine where security can be, to identify threats that can be exploited, and prescribe how to mitigate those threats. The goal of the CISO Public Cloud Security Engineering team is to enable adoption of cloud security practice through secure solutions and methodologies, improving the security posture of public cloud infrastructure, and streamlining cloud adoption while complying with standards and regulations. The responsibilities include:

    • Act as a security advisor to developers, architects, engineers, security engineers and other stakeholders to ensure we design confidentiality, integrity, resiliency, and privacy into cloud platform.
    • Create security specifications, develop processes and evaluate tools for the secure adoption of cloud services (AWS, GCP, Azure)
    • Oversee cloud related projects to ensure appropriate usage of Public Cloud Services and security methodologies used.
    • Drive adoption of embedded cloud security controls as part of the Software Development Life Cycle (SDLC) in agile methodology, including automated tools.
    • Develop and improve threat model process and continuously improve towards optimal delivery
    • Evaluate 3-rd party Cloud services, systems, tools and solutions.
    • Collaborate with line of business development organizations as well as security engineering and testing teams in a leadership and advisory role.
    • Work with standardization and regulatory frameworks such as NIST, Cloud Security Alliance, COSO, SOC 2, FIDO, etc.
    • Ability to explain technical jargon to non-technical business partners.
    • Solid understanding of basic application security vulnerabilities (OWASP top 10) and countermeasures to reduce related risks.
    • Strong knowledge and experience Threat Modeling, utilizing any Risk Methodology
  • Qualifications
    • Bachelor's (Information Security/Computer Science/Electronics and Engineering/Information Technology), or equivalent work experience
    • 7+ years of experience in information security or information technology management, and 3+ years of experience in Cloud Security Architecture
    • Excellent problem-solving abilities and analytical skills. Ability to see the big picture with high attention to critical details
    • Strong work ethic with excellent use of discretion and judgment
    • Ability to work across lines of business to lead threat modeling teams
    • Works in DevSecOps environment using Atlassian work suite (Jira, Confluence)
    • Ability to work under pressure, meet challenging deadlines
    • Demonstrated ability to work effectively both as part of a team and independently
    • Effective communicator; has excellent writing and verbal skills
    • Has the ability to influence others and shape the desired outcome in areas outside of direct control
    • Demonstrated ability to develop and implement process improvement initiatives.
    • Generalist with a technical background in IAM, Logging, operating systems, middleware, security technologies, and network architectures
    • Direct hands-on experience in securing public cloud providers, such as Amazon AWS, Azure, and GCP
    • Working knowledge of Agile, SAFe, or DevSecOps
    • Working knowledge of GIT, JIRA, Jenkins, CloudFormation, Terraform, and other Agile CI/CD tooling

    PREFERRED QUALIFICATIONS :

    • Professional Security Certifications: CISSP, CCSP, CISA, CISM, ITIL
    • Cloud Computing certifications such as CCSK, AWS, Azure, and GCP a plus
    • Strong knowledge of industry standards as they relate to Cloud and Application security management to include ISO, NIST, and Cloud Security Alliance (CSA)
    • Exposure to agile development, DevOps, SecOps and scrum teams
    • Hands-on-experience with cloud security designs on AWS, GCP or Azure
    • Development experience (python, Node)
    • Strong desire to learn and contribute solutions and ideas to broader team
  • Desired skills

    LEADERSHIP QUALITIES :

    • Self-motivated with the ability to work independently and as a team member with minimal direction
    • Ability to provide effective leadership and subject matter expertise in Information Security topics to senior management, technology and business partners
    • Employ influencing skills to obtain buy-in and participation from various groups and stakeholders without direct control
    • Build and maintain collaborative relationships with partners, clients and peers
    • Ability to communicate effectively at different levels of the organization, and with various technical and business audiences
    • Excellent problem solving abilities and analytical skills. Ability to see the big picture with high attention to critical details
    • Dedicated and self-driven desire to research current information security landscape
    • Excellent organizational, interpersonal, and project management skills
    • Excellent communication skills both written and oral
    • Record of accomplishment in managing work to achieve milestones on global projects on time and within budget in a fast-paced environment

    JOB FAMILY GROUP: Technology JOB FAMILY: Systems & Engineering TIME TYPE:

    Citi is an equal opportunity and affirmative action employer. Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review ACCESSIBILITY AT CITI. View the "EEO IS THE LAW" poster. View the EEO IS THE LAW SUPPLEMENT. View the EEO POLICY STATEMENT. View the PAY TRANSPARENCY POSTING

  • Industry
    Financial Services
  • About Us

    Citi enables growth and progress for individuals, communities, institutions and governments around the world and has been doing so for more than 200 years. They recognize that their ability to best serve their clients and customers comes from the diverse and engaged employee base and they work tirelessly to deliver opportunities for growth and development to the most talented people. This is a place where the best come to get better.